# Root Key
openssl genrsa -des3 -out ca.key 2048
# ROOT CA Certificate
openssl req -x509 -new -nodes -key ca.key -sha256 -days 3650 \
-subj "/C=CN/ST=SH/L=SH/O=ON" \
-out ca.crt
# Server Key
openssl genrsa -out server.key 2048
# Server CSR
openssl req -new -key server.key \
-subj "/C=CN/ST=SH/L=SH/O=ON" \
-out server.csr
# Server Certificate,3650 days
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -days 3650 -out server.crt
# p12
openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -name "server"
# pem
openssl x509 -in ca.crt -out ca.pem -outform PEM
# Client Key
openssl genrsa -out client.key 2048
# Client CSR,Common Name: client Name requried
openssl req -new -key client.key \
-subj "/C=CN/ST=SH/L=SH/O=ON/CN=Env1" \
-out client.csr
# Client Certificate
openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -days 3650 -sha256 -out client.crt
# p12
openssl pkcs12 -export -out client.p12 -inkey client.key -in client.crt -certfile ca.crt
# pem
openssl x509 -in client.crt -out client.pem -outform PEM
# verify chain
openssl verify -CAfile ca.crt client.crt
# verify Certificate and key
openssl x509 -noout -modulus -in client.crt | openssl md5
openssl rsa -noout -modulus -in client.key | openssl md5
# Get Issuer and Subject
openssl x509 -in client.crt -text -noout | grep -E 'Issuer:|Subject:'